A spec compliant, secure by default PHP OAuth 2.0 Server
revokeRefreshTokens()
for enabling or disabling refresh tokens after use (PR #1375)getKeyContents()
to the CryptKeyInterface
(PR #1375)invalid_grant
error and a HTTP 400 response. In previous versions the server incorrectly issued an invalid_request
and HTTP 401 response (PR #1042) (PR #1082)createAuthorizationRequest()
(PR #1111)finalizeScopes()
to allow a reference to an auth code ID (PR #1112)toString()
instead of the magic method __toString()
(PR #1395)